IT security news on the latest technology and the number one resource for your hardware and software needs.
Visit us at www.hyphenet.com

Tuesday, February 5, 2013

Security Flaw Found in VLC Media Player 2.0.5 & Earlier

VideoLAN is advising VLC media player users not to open files from untrusted third-parties following the discovery of a vulnerability in the ASF demuxer of VLC media player versions 2.0.5 and earlier.

According to the security advisory posted on the VideoLAN website, a buffer overflow might occur when parsing a specially crafted ASF movie, which could allow an attacker to trigger an invalid memory access & crash VLC media player.

The advisory also warns that this exploit could potentially be used by attackers to execute arbitrary code “within the content of the application,” although that scenario has not been confirmed.

VideoLAN states that this vulnerability will be patched in version 2.0.6, but it’s unclear when it will be released. The advisory hinted at a January release, but only 2.0.5 remains available to download.